Posts Tagged ‘Facebook’
Social Media and the Workplace
Thursday, June 14th, 2012
No one wants to lose his or her job over a Facebook post. However, most employees also do not think twice before griping about a boss in a status update, or posting a picture from last Friday night on a coworker’s wall. While free speech has historically been protected in the United States, there can also be negative repercussions for exercising that right.
By Alice Cheng
Does it violate the law to fire someone over social media activity? Possibly, depending on whether the post is determined to be a “protected concerted activity” or not. Generally, the National Labor Relations Board (NLRB) has determined that Section 7 of the National Labor Relations Act permits “concerted activity,” which involves employees talking jointly about terms or conditions of employment (i.e., coworkers discussing a disliked supervisor on Facebook), and is permissible in order to protect employees against employer retaliation. Section 8(a)(1) is related and prohibits interfering with employees rights under Section 7.
For example, merely “venting” on a social network about a workplace condition is generally not enough to constitute protected concerted activity. Protected posts usually must involve, at a minimum, initiating or inducing coworkers to action (i.e., generating discussion among coworkers on Facebook).
Last month, the Acting General Counsel of the NLRB issued his third report on social media, including an analysis of seven recent social media cases, focusing on employers’ social media policies and rules. The report mentions that rules explicitly restricting Section 7 activity would be clearly unlawful. If the rule does not explicitly do so, it may still be unlawful under Section 8(a)(1) upon a showing that: “(1) employees would reasonably construe the language to prohibit Section 7 activity; (2) the rule was promulgated in response to union activity; or (3) the rule has been applied to restrict the exercise of Section 7 rights.” Although the cases within the report do not represent “the law,” they still provide helpful general guidance for employers seeking to design appropriate policies.
Avoid broad and ambiguous language. Policies which tell employees to not use “offensive” or “demeaning” comments should be backed with a specific example (such as offensive posts meant to discriminate based on race, sex, religion, or national origin) so that reasonable employers would not construe such language to cover protected activities. The Board has also long held that any rule requiring an employee to obtain the employer’s permission prior to engaging in protected activity is blatantly unlawful. Similarly, policies cannot require posts to be “completely accurate and not misleading” and should not limit discussions of work so that any discussion would be virtually impossible.
Rules requiring employees to maintain the confidentiality of trade secrets and private and confidential information are permissible, as employees have no protected right to discuss these matters. Generally speaking, employees have few rights to workplace privacy. However, there are limits on an employer’s ability to limit the use of the employer’s logos and trademarks. For example, an employer cannot prohibit the use of picket signs containing the logos or trademarks.
Savings clauses have no real effect. These clauses generally state that the policy will be administered in compliance with relevant laws. The NLRB has dismissed these as not curing any ambiguities in the overbroad policies.
It is also helpful for employers to place policies in context. The policies should acknowledge the usefulness and appeal of social media, but also remind employees that they are responsible for what they write, to know their audience, and to use their best judgment. The purpose of a social media policy should clearly be to avoid use that would adversely affect job performance or business interests (including harming clients or customers), rather than for the sake of surveillance and retaliation.
Employers should also stay updated on recent developments pertaining to the disclosure of social media passwords. Recently a number of states have considered or implemented bans on “shoulder surfing” or mandatory disclosure of private accounts.
Behavioral Advertising and “Do Not Track”: Navigating the Privacy Minefield
Tuesday, February 28th, 2012
By Aaron Messing
The Internet is fraught with privacy-related dangers for companies. For example, Facebook’s IPO filing contains multiple references to the various privacy risks that may threaten its business model, and it seems like every day a new class action suit is filed against Facebook alleging surreptitious tracking or other breaches of privacy laws. Google has recently faced a resounding public backlash related to its new uniform privacy policy, to the extent that 36 state attorney generals are considering filing suit. New privacy legislation and regulatory activities have been proposed, with the Federal Trade Commission (FTC) taking an active role in enforcing compliance with the various privacy laws. The real game changer, however, might be the renewed popularity of “Do Not Track”, which threatens to upend the existing business models of online publishers and advertisers. “Do Not Track” is a proposal which would enable users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms.
To understand the genesis of “Do Not Track” it is important to understand what online tracking is and how it works. If you visit any website supported by advertising (as well as many that are not), a number of tracking objects may be placed on your device. These online tracking technologies take many forms, including HTTP cookies, web beacons (clear GIFs), local shared objects or flash cookies, HTML5 cookies, browser history sniffers and browser fingerprinting. What they all have in common is that they use tracking technology to observe web users’ interests, including content consumed, ads clicked, and other search keywords and conversions to track online movements, and build an online behavior profiles that are used to determine which ads are selected when a particular webpage is accessed. Collectively, these are known as behavioral targeting or advertising. Tracking technologies are also used for other purposes in addition to behavioral targeting, including site analytics, advertising metrics and reporting, and capping the frequency with which individual ads are displayed to users.
The focus on behavioral advertising by advertisers and ecommerce merchants stems from its effectiveness. Studies have found that behavioral advertising increases the click through rate by as much as 670% when compared with non-targeted advertising. Accordingly, behavioral advertising can bring in an average of 2.68 more revenue than of non-targeted advertising.
If behavioral advertising provides benefits such as increased relevance and usefulness to both advertisers and consumers, how has it become so controversial? Traditionally, advertisers have avoided collecting personally identifiable information (PII), preferring anonymous tracking data. However, new analytic tools and algorithms make it possible to combine “anonymous” information to create detailed profiles that can be associated with a particular computer or person. Formerly anonymous information can be re-identified, and companies are taking advantage in order to deliver increasingly targeted ads. Some of those practices have led to renewed privacy concerns. For example, recently Target was able to identify that a teenager was pregnant – before her father had any idea. It seems that Target has identified certain patterns in expecting mothers, and assigns shoppers a “pregnancy prediction score.” Apparently, the father was livid when his high-school age daughter was repeatedly targeted with various maternity items, only to later find out that, well, Target knew more about his daughter than he did (at least in that regard). Needless to say, some PII is more sensitive than others, but it is almost always alarming when you don’t know what others know about you.
Ultimately, most users find it a little creepy when they find out that Facebook tracks your web browsing activity through their “Like” button, or that detailed profiles of their browsing history exist that could be associated with them. According to a recent Gallup poll, 61% of individuals polled felt the privacy intrusion presented by tracking was not worth the free access to content. 67% said that advertisers should not be able to match ads to specific interests based upon websites visited.
The wild west of internet tracking may soon be coming to a close. The FTC has issued its recommendations for Do Not Track, which they recommend be instituted as a browser based mechanism through which consumers could make persistent choices to signal whether or not they want to be tracked or receive targeted advertising. However, you shouldn’t wait for an FTC compliance notice to start rethinking your privacy practices.
It goes without saying that companies are required to follow the existing privacy laws. However, it is important to not only speak with a privacy lawyer to ensure compliance with existing privacy laws and regulations (the FTC compliance division also monitors whether companies comply with posted privacy policies and terms of service) but also to ensure that your tracking and analytics are done in an non-creepy, non-intrusive manner that is clearly communicated to your customers and enables them to opt-in, and gives them an opportunity to opt out at their discretion. Your respect for your consumers’ privacy concerns will reap long-term benefits beyond anything that surreptitious tracking could ever accomplish.
Limits of Privacy on Facebook
Thursday, December 1st, 2011Despite Facebook’s “Privacy Settings”, Your Information Might Not Be So Private
By Michael Feldman
With over 800 million users, there is a good chance that you, a family member or a business colleague uses Facebook. Many people assume that their posts and information viewed on Facebook is only available to their “friends.” Such an assumption would be wrong for several reasons.
First, your information is only private to the extent you affirmatively check certain boxes for your Facebook page. If you fail to select the appropriate settings, you will be allowing more than your “friends” to view your personal information. Remember that these settings involve not only limiting what the general public can see, but what advertisers and other websites you visit can see about your Facebook page (even if you are not logged on to Facebook at the time). Therefore, consider adjusting your privacy settings in the category marked “Apps, Games and Websites” and “How people bring your info to apps they use.” To maximize your privacy, turn off all platform apps.
Second, unlike Google+, Facebook does not make it easy to create different categories of “friends”, each of which only has access to limited information. Rather, once you make someone your “friend” – whether that person is a true friend, your boss or co-worker, someone you met last night, or even a celebrity you never met – that “friend” has the same access to your personal information that your best “friend” has. Though the user can block off certain “friends” from certain information, the process to do so is neither obvious nor simple. Such sharing of personal information would never occur outside of online social networking sites.
Third, you might never know what personal information Facebook or other social networking sites actually share. As you may have heard, Facebook just settled a Complaint by the Federal Trade Commission (“FTC”), which alleged that Facebook deceived consumers by asserting that their information would be private, then making it Public. Pursuant to the settlement, Facebook must now be honest in what it tells users, provide users with notice before changing its privacy settings (assuming the user actually reads these) and will undergo privacy audits every 2 years for the next 20 years. The settlement is far from perfect from a consumer viewpoint. The settlement is unclear about whether Facebook can share your information with advertisers – the primary source of Facebook’s revenue. In addition, though Facebook has to disclose its privacy policy to users, there is no requirement that the policies be in language easily understood by its users, as opposed to legalese. Perhaps most disturbingly to some is that the settlement keeps Facebook’s users in the dark about the results of the FTC’s investigation. Therefore, the taxpayers who paid for the investigation and the alleged victims – the Facebook users – will not know what privacy violations have already occurred. Thus, Facebook users may never know how their personal information has already been used, sold or distributed.
Fourth, several recent Court decisions have held that your Facebook page is not necessarily private. That is, litigants have obtained access to Facebook pages (among other social networking sites like MySpace) to prove their case. For example, in one case, a plaintiff claimed she was injured and unable to participate in activities she previously enjoyed. Against her objection, her adversary obtained access to her Facebook and MySpace pages to prove that the plaintiff was lying. The defendant was even able to gain access to “deleted” information from those pages. Similarly, other Courts have held that you have no “right to privacy” in your Facebook or MySpace pages because those companies do not guarantee complete privacy. As a result, employees have been terminated for information they posted online.
Fifth, your “friends” can share your information without your permission. Unauthorized sharing has also occurred as a result of viruses or hackers, both of which are rampant.
Sixth, never assume that what you delete is truly deleted. It is not. “Deleted” information is usually stored for an extended period of time with or without your knowledge.
The bottom line is that you should be very careful when you post information on a social networking site such as Facebook. You should assume that despite your privacy settings, the information may potentially be seen, shared or obtained by other than your “friends” without your explicit permission or knowledge. Notwithstanding, it is also critical that you take advantage of the privacy settings available and be familiar with the privacy policy of your social networking site to maximize your privacy. You would not allow strangers to wander your house or office, so do not let them wander your Facebook page.